Check for when file_contexts.subs_dist means a label will never apply

Question

Check for when file_contexts.subs_dist means a label will never apply

Opened this issue 4 years ago · 0 comments

dburgener commented 4 years ago

For example if file_contexts.subs_dists contains:

/var/run /run

Then a label like:

/run/user gen_context(system_u:object_r:type_t, s0)

Will never be able to apply, because that path will be substituted out to /var/run during labeling.

This can potentially reveal cases where the file may be mislabeled because the alternative path is not present in file_contexts. (And, perhaps it would make sense to only warn in such a case)